doc: Mention that veth.pair is ignored for unpriv

veth.pair is ignore for unprivileged containers as allowing an
unprivileged user to set a specific device name would allow them to
trigger actions in tools like NetworkManager or other uevent based
handlers that may react based on specific names or prefixes being used.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index d3533de54903ce69a37d5f63adbcaa38386f720b..3d1647fca86d3797f909bc163c18c18b77c61d0c 100644 (file)
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -259,7 +259,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
              by <command>lxc</command>, but if you wish to handle
              this name yourself, you can tell <command>lxc</command>
              to set a specific name with
-             the <option>lxc.network.veth.pair</option> option.
+             the <option>lxc.network.veth.pair</option> option (except for
+             unprivileged containers where this option is ignored for security
+             reasons).
            </para>
 
            <para>